With talk of enabling RELRO by default, net/unifi has been modified to pass LDFLAGS in a place it didn't. I have carried over this change to net/unifi6. I am unaware of unifi being tested after this change. Separately, 6.2 (wip/unifi6) is starting to seem stable enough. So, this is a call for testing (actually running and communicating with devices; I know it builds on NetBSD 9 amd64). I'd be interested in reports: Does net/unifi with the current default hardening options work? Does net/unifi work (and of course build) with proposed hardening options? Does wip/unifi6 with the current default hardening options work? Does wip/unifi6 work (and of course build) with proposed hardening options? Do you think it's time to update net/unifi from wip/unifi6, moving from 6.0.x to 6.2.x? (I now think it's time.) (and, if everybody who uses unifi is already on 6.2, that means it is time, and I don't care about 6.0 testing) (FWIW, I'm running 6.2 from before the recent RELRO/pkglint and it was been working; I no longer have any 6.0 unifi setups.) I think the proposed changes are PKGSRC_USE_SSP?= strong PKGSRC_USE_RELRO?= partial PKGSRC_MKREPRO?= yes and of course testing with anything more aggressive is fine too. (It would also be helpful to know if openjdk built with more hardening works, and works with unifi.) Thanks, Greg
Attachment:
signature.asc
Description: PGP signature